From bc311611625a8aaa26813809a2c820fcd286ba2b Mon Sep 17 00:00:00 2001 From: Steve French Date: Mon, 29 Dec 2025 10:23:12 -0600 Subject: smb3 client: add missing tracepoint for unsupported ioctls In debugging a recent problem with an xfstest, noticed that we weren't tracing cases where the ioctl was not supported. Add dynamic tracepoint: "trace-cmd record -e smb3_unsupported_ioctl" and then after running an app which calls unsupported ioctl, "trace-cmd show"would display e.g. xfs_io-7289 [012] ..... 1205.137765: smb3_unsupported_ioctl: xid=19 fid=0x4535bb84 ioctl cmd=0x801c581f Acked-by: Bharath SM Signed-off-by: Steve French --- fs/smb/client/ioctl.c | 3 +++ fs/smb/client/trace.h | 1 + 2 files changed, 4 insertions(+) (limited to 'fs') diff --git a/fs/smb/client/ioctl.c b/fs/smb/client/ioctl.c index 0a9935ce05a5..d1b153209424 100644 --- a/fs/smb/client/ioctl.c +++ b/fs/smb/client/ioctl.c @@ -588,6 +588,9 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg) break; default: cifs_dbg(FYI, "unsupported ioctl\n"); + trace_smb3_unsupported_ioctl(xid, + pSMBFile ? pSMBFile->fid.persistent_fid : 0, + command); break; } cifs_ioc_exit: diff --git a/fs/smb/client/trace.h b/fs/smb/client/trace.h index b0fbc2df642e..a584a7743113 100644 --- a/fs/smb/client/trace.h +++ b/fs/smb/client/trace.h @@ -1579,6 +1579,7 @@ DEFINE_EVENT(smb3_ioctl_class, smb3_##name, \ TP_ARGS(xid, fid, command)) DEFINE_SMB3_IOCTL_EVENT(ioctl); +DEFINE_SMB3_IOCTL_EVENT(unsupported_ioctl); DECLARE_EVENT_CLASS(smb3_shutdown_class, TP_PROTO(__u32 flags, -- cgit v1.2.3 From fa2fd0b10f66b08bc44745feed1761d7c1539d6e Mon Sep 17 00:00:00 2001 From: Henrique Carvalho Date: Mon, 29 Dec 2025 14:49:43 -0300 Subject: smb: client: fix UBSAN array-index-out-of-bounds in smb2_copychunk_range struct copychunk_ioctl_req::ChunkCount is annotated with __counted_by_le() as the number of elements in Chunks[]. smb2_copychunk_range reuses ChunkCount to store the number of chunks sent in the current iteration. If a later iteration populates more chunks than a previous one, the stale smaller value trips UBSAN. Set ChunkCount to chunk_count (allocated capacity) before populating Chunks[]. Fixes: cc26f593dc19 ("smb: move copychunk definitions to common/smb2pdu.h") Link: https://lore.kernel.org/linux-cifs/CAH2r5ms9AWLy8WZ04Cpq5XOeVK64tcrUQ6__iMW+yk1VPzo1BA@mail.gmail.com Tested-by: Youling Tang Acked-by: ChenXiaoSong Signed-off-by: Henrique Carvalho Signed-off-by: Steve French --- fs/smb/client/smb2ops.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'fs') diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index a16ded46b5a2..c1aaf77e187b 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -1905,6 +1905,12 @@ retry: src_off_prev = src_off; dst_off_prev = dst_off; + /* + * __counted_by_le(ChunkCount): set to allocated chunks before + * populating Chunks[] + */ + cc_req->ChunkCount = cpu_to_le32(chunk_count); + chunks = 0; copy_bytes = 0; copy_bytes_left = umin(total_bytes_left, tcon->max_bytes_copy); -- cgit v1.2.3